'\" t
.\"     Title: radmin
.\"    Author: Alan DeKok
.\" Generator: Asciidoctor 2.0.10
.\"      Date: 2020-12-25
.\"    Manual: FreeRADIUS
.\"    Source: FreeRADIUS
.\"  Language: English
.\"
.TH "RADMIN" "8" "2020-12-25" "FreeRADIUS" "FreeRADIUS"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
radmin \- FreeRADIUS Administration tool
.SH "SYNOPSIS"
.sp
\fBradmin\fP [\fB\-d\fP \fIconfig_directory\fP] [\fB\-e\fP \fIcommand\fP] [\fB\-E\fP] [\fB\-f\fP
\fIsocket_file\fP] [\fB\-h\fP] [\fB\-i\fP \fIinput_file\fP] [\fB\-l\fP \fIlog_file\fP] [\fB\-n\fP
\fIname\fP] [\fB\-q\fP]
.SH "DESCRIPTION"
.sp
FreeRADIUS Server administration tool that connects to the control
socket of a running server, and gives a command\-line interface to it.
.sp
At this time, only a few commands are supported. Please type \f(CRhelp\fP at
the command prompt for detailed information about the supported
commands.
.sp
The \f(CRradmin\fP command supports full tab completion, inline help via \f(CR?\fP
and \f(CRhelp\fP, and command history.
.SH "WARNING"
.sp
The security protections offered by this command are limited to the
permissions on the Unix domain socket, and the server configuration. If
someone can connect to the Unix domain socket, they have a substantial
amount of control over the server.
.SH "OPTIONS"
.sp
The following command\-line options are accepted by the program.
.sp
\fB\-d config_directory\fP
.RS 4
Defaults to \fI/etc/raddb\fP. \fBradmin\fP looks here for the server
configuration files to find the "listen" section that defines the
control socket filename.
.RE
.sp
\fB\-e command\fP
.RS 4
Run \fIcommand\fP and exit.
.RE
.sp
\fB\-E\fP
.RS 4
Echo commands as they are being executed.
.RE
.sp
\fB\-f socket_file\fP
.RS 4
Specify the socket filename directly. The radiusd.conf file is not
read.
.RE
.sp
\fB\-h\fP
.RS 4
Print usage help information.
.RE
.sp
\fB\-i input_file\fP
.RS 4
Reads input from the specified file. If this option is not
specified, \f(CRstdin\fP is used.  This also sets \f(CR\-q\fP.
.RE
.sp
\fB\-l log_file\fP
.RS 4
Writes the commands which are executed to this log file. This
functionality is off by default.
.RE
.sp
\fB\-n name\fP
.RS 4
Read \f(CRraddb/name.conf\fP instead of \f(CRraddb/radiusd.conf\fP.
.RE
.sp
\fB\-q\fP
.RS 4
Quiet mode.
.RE
.SH "COMMANDS"
.sp
The commands implemented by the command\-line interface are almost
completely controlled by the server. There are a few commands
interpreted locally by radmin:
.sp
\fBexit\fP
.RS 4
Exit from radmin.
.RE
.sp
\fBquit\fP
.RS 4
Exit from radmin.
.RE
.sp
\fBreconnect\fP
.RS 4
Reconnect to the server.
.RE
.sp
The other commands are implemented by the server. Type \f(CRhelp\fP at the
prompt for more information.
.SH "EXAMPLES"
.sp
\fBdebug file /var/log/radius/bob.log\fP
.RS 4
Set debug logs to \f(CR/var/log/radius/bob.log\fP. There is very little
checking of this filename. Rogue administrators may be able use this
command to over\-write almost any file on the system.  However, if
the rogue administrators have write access to the main \f(CRradius.conf\fP
file, then they can do the same thing without \f(CRradmin\fP, too.
.RE
.sp
\fBdebug condition \(aq(User\-Name == "bob")\(aq\fP
.RS 4
Enable debugging output for all requests that match the condition. Any
\f(CRunlang\fP condition is valid here. The condition is parsed as a string,
so it must be enclosed in single or double quotes. Strings enclosed in
double\-quotes must have back\-slashes and the quotation marks escaped
inside of the string.
.sp
Only one debug condition can be active at a time.
.RE
.sp
\fBdebug condition \(aqUser\-Name == ""bob"") || (Packet\-Src\-IP\-Address == 192.0.2.22\(aq\fP
.RS 4
A more complex condition that enables debugging output for requests
containing User\-Name "bob", or requests that originate from source IP
address 192.0.2.22.
.RE
.sp
\fBdebug condition\fP
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
Disable debug conditionals.
.RE
.RE
.SH "FULL LIST OF COMMANDS"
.sp
Connect to the server and type \f(CRhelp\fP for a full list of commands.
.SH "SEE ALSO"
.sp
unlang(5), radiusd.conf(5), raddb/sites\-available/control\-socket
.SH "AUTHOR"
.sp
Alan DeKok <\c
.MTO "aland\(atfreeradius.org" "" ">"
.SH "AUTHOR"
.sp
Alan DeKok